Question No.61

A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.

Given the following snippet of code:

Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.

B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.

C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.

D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network; recommend proceeding with the next step of removing the host from the network.

Correct Answer: A

Question No.62

A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?

A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.

B. The corporate network should have a wireless infrastructure that uses open authentication standards.

C. Guests using the wireless network should provide valid identification when registering their wireless devices.

D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.

Correct Answer: C

Question No.63

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

A. Drive adapters

B. Chain of custody form

C. Write blockers

D. Crime tape

E. Hashing utilities

F. Drive imager

Correct Answer: BC

Question No.64

An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?

A. MAC

B. TAP

C. NAC

D. ACL

Correct Answer: C

Question No.65

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)

A. COBIT

B. NIST

C. ISO 27000 series

D. ITIL

E. OWASP

Correct Answer: BD

Question No.66

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).

Correct Answer: A

Question No.68

Based on the log above, which of the following vulnerability attacks is occurring?

A. ShellShock

B. DROWN

C. Zeus

D. Heartbleed

E. POODLE

Correct Answer: E

Question No.69

Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

A. Blue team training exercises

B. Technical control reviews

C. White team training exercises

D. Operational control reviews

Correct Answer: A

Question No.70

An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?